1. CVE-Search
  2. CVE-2006-4902
ID CVE-2006-4902
Summary The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_client:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_enterprise_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:veritas_netbackup_server:6.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21565
cert-vn VU#252936
confirm http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
iss 20061213 Symantec Veritas Netbackup 5.0/5.1 and 6.0 Logic Vulnerability
sectrack 1017379
secunia 23368
vupen ADV-2006-4999
xf backup-invalid-input(27638)
saint via4
bid 21565
description VERITAS NetBackup bpcd daemon command chaining vulnerability
id misc_netbackupbpcd
osvdb 31334
title netbackup_bpcd_command_chaining
type remote
Last major update 20-07-2017 - 01:33
Published 14-12-2006 - 20:28
Last modified 20-07-2017 - 01:33
Back to Top